Shodan
Vulnerabilities
Vulnerable Software
Caldera:  Security Vulnerabilities
CVE-2014-2933
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
CVSS Score
5.0
EPSS Score
0.002
Published
2014-05-08
CVE-2014-2934
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2014-05-08
CVE-2014-2935
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
CVSS Score
10.0
EPSS Score
0.015
Published
2014-05-08
CVE-2014-2936
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-05-08
CVE-2003-0658
Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
CVSS Score
5.0
EPSS Score
0.006
Published
2003-10-20
CVE-2002-1231
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
CVSS Score
2.1
EPSS Score
0.001
Published
2002-11-04
CVE-2002-1199
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
CVSS Score
5.0
EPSS Score
0.021
Published
2002-10-28
CVE-2002-0835
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
CVSS Score
5.0
EPSS Score
0.028
Published
2002-10-04
CVE-2002-0884
Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.
CVSS Score
7.5
EPSS Score
0.023
Published
2002-10-04
CVE-2002-0885
Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.
CVSS Score
7.5
EPSS Score
0.038
Published
2002-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved